fix(PROJ-35): OCR Tempdir auf storage_dir umleiten

Mit systemd ProtectSystem=strict ist /tmp fuer den Service read-only.
ocr.SetTempDir(storage_path/ocr-tmp) nutzt einen RW-Pfad innerhalb der
ohnehin freigegebenen ReadWritePaths.

cmd/archivmail/cmd_ocr_reprocess.go

@@ -75,6 +75,8 @@ func runOCRReprocess(args []string) {
 		logger.Warn("ocr tools not on PATH — install tesseract-ocr + poppler-utils",
 			"pdftotext", ts.HasPdftotext, "tesseract", ts.HasTesseract, "pdftoppm", ts.HasPdftoppm)
 	}
+	// Keep scratch space inside the storage dir (matches the daemon's setup).
+	ocr.SetTempDir(cfg.Storage.StorePath + "/ocr-tmp")
 
 	ctx := context.Background()
 

cmd/archivmail/main.go

@@ -174,6 +174,9 @@ func main() {
 	// PROJ-35: OCR-Worker — extracts text from PDF/image attachments and feeds
 	// it back into the per-tenant Manticore index. Non-blocking submit so the
 	// mail intake pipeline is never delayed.
+	// systemd's ProtectSystem=strict restricts /tmp; route OCR scratch space
+	// into the storage-dir which is guaranteed-RW.
+	ocr.SetTempDir(cfg.Storage.StorePath + "/ocr-tmp")
 	ocrWorker := ocr.NewWorker(mailStore, idxMgr, ocr.Options{
 		Workers:   2,
 		QueueSize: 1000,